FireEye bought Mandiant for almost as much as Facebook bought Instagram for. I don’t know which part of that is sad yet. What I do know is that the deal is in a space I’ve been watching very closely (cyber security) and validates numerous predictions I’ve made over the last 6 months (internal to my current employer, sorry) about what is going to be happening in the industry.
For the uninitiated in this space, I think of cyber security in three categories of solutions:
1) Prevention (stop it before it happens, FireEye does this at the network layer)
2) Detection (tell someone about it happening, lots of Big Data companies here)
3) Response (do something about it, remove it or react to it)
Some facts of the deal:
– Price paid was approximately 10x sales and 20x earnings, which isn’t far off from multiples of firms in the prevention and detection spaces that are public
– 90% was paid out in equity that came from FireEye’s recent IPO
– FireEye increased its revenue projections over 40% as a result of the acquisition
What is surprising about the pricing is its being applied to a more overlooked area of cyber security (response). All of the venture and investment money has gone towards the prevention and detection side in recent years. But more pervasively, the mantra of “assume you are breached” and “we’ve tried prevention and detection before only to fail” is coming to light. To me, this acquisition, points to a trend of not only a consolidation in a fragmented supplier market towards creating only a few suppliers of end to end solutions through all phases of cyber security, but also a trend of recognizing the importance having response technology inside of the enterprise and resources who know how to use it. With the global distribution of enterprises, the advanced nature of cyber threats, and the high costs of outsourcing response, end to end solutions that effectively cover an organization’s cyber security needs will win the day.
Mandiant has largely been known as a security consulting firm, but they also have endpoint response and detection technology they sell to their customers. FireEye’s acquisition is twofold: 1) Institutional knowledge of bleeding edge threats and response to feed their network detection and prevention technology 2) endpoint protection technology that puts them in a better position to catch what they missed coming in.